The present disclosure relates to authentication techniques, and more particularly, to a method and a system for identifying a user by observing, recording, and manipulating selective behavioral patterns and/or time patterns.
The introduction of electronic communications has demonstrated the need for security of all forms of data and communications exchange. Hackers have been able to perpetrate fraud and identification theft by intercepting communications, costing individuals and businesses around the world billions of dollars. In many cases, fraud has been executed even when encryption systems are part of the system architecture. Thus, strong and dynamic authentication is needed to ensure non-repudiation of an entity requesting access to sensitive information or for executing privileged transactions.
One method used for identifying a user is based on a secret identification code, also referred to as a PIN (Personal Identification Number) or password. In such a system, a user enters a PIN code or a password on a transaction terminal, which then transfers the entered PIN code to, for example, a chip card or other memory device, which checks the PIN code or password by comparing it with a reference PIN code or password. The security of such a system is guaranteed by the fact that the reference PIN code or password is stored within the chip card or memory device, which is inherently protected. However, the drawbacks of such a system include at least the fact that another individual can commit fraud by stealing this “secret” PIN code or password. Unfortunately, such methods for authorizing transactions or for controlling access can be easily compromised. Account numbers, passwords, PIN codes, etc. can be discovered by non-authorized persons or can be willingly disclosed by authorized users to non-authorized persons.
As traditional forms of personal identification become vulnerable to advancing technology, biometric identification has been increasingly seen as a viable approach to security of personal identification. Biometrics consists of acquiring, measuring and recognizing physical characteristics of a user. Biometrics makes it possible to directly identify a user whilst the PIN code or password method allows indirect identification by the fact of checking that the user knows a “secret.” Amongst the known techniques in physical biometrics, there are the methods of recognizing voice characteristics, characteristics peculiar to the shape of the face or to the iris of the eye or, in the most frequent case, fingerprint characteristics.
Biometric systems typically comprise an automated system having one or more biometric input devices capable of capturing a biometric sample from a user, extracting biometric data from the sample, comparing the biometric data with that contained in one or more reference templates, determining whether a match exists, indicating whether verification of identity has been achieved, and triggering an event based on the verification. Therefore, biometric access control systems are used to selectively restrict and/or permit access to various areas within a facility by requiring a biometric match and confirmation of access authorization prior to facilitating access.
The existing biometric identity check systems can be broken down into three phases.
The first phase is a phase of capturing biometric data from a sensor. The acquired biometric data are usually images, for example in the case of fingerprints, iris or face shape. However, it can also be a case of sound sequences in the case of voice recognition. The second phase is an analysis or extraction phase for extracting a biometric signature from biometric data captured during the first phase. This second phase is complex and requires high calculation power. The third phase consists of comparing the biometric signature obtained during the second phase with a reference signature defined previously during a procedure called “enrolling.”
Additionally, various token-based biometric technologies also exist. These suggest using smart cards, magnetic swipe cards, or paper checks in conjunction with fingerprints, hand prints, voice prints, retinal images, facial scans or handwriting samples. Biometrics are generally either stored in electronic and reproducible form on the token itself, or used in tandem with the user directly using magnetic swipe cards, paper checks or a PC (Personal Computer).
However, even physical biometric systems and token-based biometric technologies can be compromised by hackers. The present disclosure is intended to overcome the drawbacks of these physical biometric methods by exploiting a class of behaviors (e.g., behavioral biometrics) employed to identify a user. In particular, the present disclosure relates to a system and method for identifying a user by observing, recording, and manipulating selective behavioral patterns and time patterns. The present disclosure further relates to progressively evaluating the identification of a user by using behavioral cues.